Method and system for attribute exchange in a heterogeneous federated environment

US 20040128546A1
Filed: 12/31/2002
Published: 07/01/2004
Est. Priority Date: 12/31/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method for managing user attribute information within a data processing system, the method comprising:

receiving from a user a request for a resource at a service provider;

determining a set of one or more attribute information providers that are associated with the user, wherein an attribute information provider is a service provider that maintains user attribute information for the user;

sending a request message to a first attribute information provider in the set of one or more attribute information providers in order to retrieve user attribute information for the user;

receiving a response message from the first attribute information provider at a point-of-contact server associated with the service provider;

determining that the response message comprises an attribute assertion; and

forwarding the attribute assertion for interpretation or validation from a point-of-contact server to a trust proxy associated with the service provider.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user'"'"'s attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, may maintain a trust relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP does not have a trust relationship with one of the user'"'"'s AIPs, then the ECSP can rely upon a trust proxy to interpret and validate an attribute assertion that is received from an AIP.

360 Citations

18 Claims

1. A method for managing user attribute information within a data processing system, the method comprising:
- receiving from a user a request for a resource at a service provider;
  
  determining a set of one or more attribute information providers that are associated with the user, wherein an attribute information provider is a service provider that maintains user attribute information for the user;
  
  sending a request message to a first attribute information provider in the set of one or more attribute information providers in order to retrieve user attribute information for the user;
  
  receiving a response message from the first attribute information provider at a point-of-contact server associated with the service provider;
  
  determining that the response message comprises an attribute assertion; and
  
  forwarding the attribute assertion for interpretation or validation from a point-of-contact server to a trust proxy associated with the service provider.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprising:
    - forwarding the attribute assertion to a trust broker from the trust proxy for interpretation or validation.
  - 3. The method of claim 1 further comprising:
    - determining that the response message comprises a control flag from the first attribute information provider, wherein the control flag indicates a retrieval condition on subsequent requests from the service provider to attribute information providers while retrieving user attribute information for the user.
  - 4. The method of claim 3 further comprising:
    - halting retrievals for user attribute information for the user in accordance with the control flag.
  - 5. The method of claim 3 further comprising:
    - performing subsequent retrievals for user attribute information for the user in accordance with the control flag.
  - 6. The method of claim 1 further comprising:
    - performing a user-specific operation for the resource based on retrieved user attribute information for the user.

7. A computer program product in a computer readable medium for use in a data processing system for managing user attribute information, the computer program product comprising:
- means for receiving from a user a request for a resource at a service provider;
  
  means for determining a set of one or more attribute information providers that are associated with the user, wherein an attribute information provider is a service provider that maintains user attribute information for the user;
  
  means for sending a request message to a first attribute information provider in the set of one or more attribute information providers in order to retrieve user attribute information for the user;
  
  means for receiving a response message from the first attribute information provider at a point-of-contact server associated with the service provider;
  
  means for determining that the response message comprises an attribute assertion; and
  
  means for forwarding the attribute assertion for interpretation or validation from a point-of-contact server to a trust proxy associated with the service provider.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program product of claim 7 further comprising:
    - means for forwarding the attribute assertion to a trust broker from the trust proxy for interpretation or validation.
  - 9. The computer program product of claim 7 further comprising:
    - means for determining that the response message comprises a control flag from the first attribute information provider, wherein the control flag indicates a retrieval condition on subsequent requests from the service provider to attribute information providers while retrieving user attribute information for the user.
  - 10. The computer program product of claim 9 further comprising:
    - means for halting retrievals for user attribute information for the user in accordance with the control flag.
  - 11. The computer program product of claim 9 further comprising:
    - means for performing subsequent retrievals for user attribute information for the user in accordance with the control flag.
  - 12. The computer program product of claim 7 further comprising:
    - means for performing a user-specific operation for the resource based on retrieved user attribute information for the user.

13. An apparatus for managing user attribute information, the apparatus comprising:
- means for receiving from a user a request for a resource at a service provider;
  
  means for determining a set of one or more attribute information providers that are associated with the user, wherein an attribute information provider is a service provider that maintains user attribute information for the user;
  
  means for sending a request message to a first attribute information provider in the set of one or more attribute information providers in order to retrieve user attribute information for the user;
  
  means for receiving a response message from the first attribute information provider at a point-of-contact server associated with the service provider;
  
  means for determining that the response message comprises an attribute assertion; and
  
  means for forwarding the attribute assertion for interpretation or validation from a point-of-contact server to a trust proxy associated with the service provider.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The apparatus of claim 13 further comprising:
    - means for forwarding the attribute assertion to a trust broker from the trust proxy for interpretation or validation.
  - 15. The apparatus of claim 13 further comprising:
    - means for determining that the response message comprises a control flag from the first attribute information provider, wherein the control flag indicates a retrieval condition on subsequent requests from the service provider to attribute information providers while retrieving user attribute information for the user.
  - 16. The apparatus of claim 15 further comprising:
    - means for halting retrievals for user attribute information for the user in accordance with the control flag.
  - 17. The apparatus of claim 15 further comprising:
    - means for performing subsequent retrievals for user attribute information for the user in accordance with the control flag.
  - 18. The apparatus of claim 13 further comprising:
    - means for performing a user-specific operation for the resource based on retrieved user attribute information for the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Nadalin, Anthony Joseph, Hinton, Heather Maria, Pfitzmann, Birgit Monika, Blakley, George Robert III

Application Number

US10/334,539
Publication Number

US 20040128546A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/102   Entity profiles

Method and system for attribute exchange in a heterogeneous federated environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

360 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for attribute exchange in a heterogeneous federated environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

360 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links